Privacy Policy - JennaZwagil.com

Privacy Policy for JennaZwagil.com

Last Updated: July 7, 2025

At JennaZwagil.com ("we," "us," or "our"), we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you visit our website (https://jennazwagil.com), interact with our services, or engage with us through other channels.

This policy is designed to comply with applicable data protection laws across G20 jurisdictions, including but not limited to the EU General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA/CPRA), Brazil's Lei Geral de Proteção de Dados (LGPD), India's Digital Personal Data Protection Act (DPDPA), and China's Personal Information Protection Law (PIPL).

By using our website or services, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use our website or provide your personal information.

1. Information We Collect

We collect information to provide and improve our services, communicate with you, and comply with legal obligations. The types of information we may collect include:

a. Personal Information You Provide Directly:

  • Contact details (e.g., name, email address, phone number, mailing address) when you fill out contact forms, subscribe to newsletters, or register for events
  • Account information (e.g., username, password) if you create a user profile
  • Payment information (e.g., credit card details) for purchases or donations is processed securely via third-party payment processors
  • Comments, feedback, or inquiries submitted through our website or email

b. Information Collected Automatically

  • Device and usage data (e.g., IP address, browser type, operating system, pages visited, time spent on the site) collected via cookies, pixel tags, or similar technologies
  • Analytics data (e.g., via Google Analytics) to understand how users interact with our website, including referring sites and click patterns
  • Geolocation data (approximated from your IP address) to tailor content or comply with regional regulations

c. Information from Third Parties

  • Data from social media platforms (e.g., if you connect via Facebook or LinkedIn) or marketing partners, subject to their privacy policies
  • Information from affiliates or business partners, such as event organizers or network marketing platforms, if you engage with our services through them

Important: We do not collect sensitive personal information (e.g., social security numbers, racial or ethnic origins, political opinions, religious beliefs, health data, or criminal records) unless explicitly required and consented to for a specific purpose. We do not knowingly collect data from children under 16 without verifiable parental consent.

2. How We Use Your Information

We use your information for the following purposes, in compliance with applicable G20 regulations:

a. To Provide and Improve Services:

  • Process transactions, send confirmations, or deliver services you request (e.g., newsletters, event registrations)
  • Personalize your experience by tailoring content or recommendations based on your preferences or location

b. To Communicate with You

  • Respond to inquiries, provide customer support, or send administrative notices (e.g., policy updates, security alerts)
  • Send marketing communications (e.g., newsletters, promotional offers) with your explicit consent, where required

c. To Analyze and Enhance Our Website

  • Utilize analytics to comprehend user behavior, enhance website functionality, and refine content
  • Monitor and prevent fraudulent activity, unauthorized access, or abuse of our services

d. To Comply with Legal Obligations

  • Fulfill requirements under applicable laws, such as tax reporting, data subject rights requests, or law enforcement inquiries
  • Maintain records for audits or compliance with regulations like GDPR, CCPA, or LGPD

3. How We Share Your Information

We do not sell your personal information. We may share your data under the following circumstances:

a. With Service Providers:

  • Third-party vendors (e.g., Google Analytics, Flodesk for email marketing, Stripe for payments) process data on our behalf, bound by contracts ensuring compliance with applicable laws
  • These providers are prohibited from using your data for their own purposes

b. With Business Partners or Affiliates

If you engage with our services through partners (e.g., network marketing platforms or event organizers), we may share limited data to facilitate the service, with your consent where required.

c. For Legal Reasons:

  • To comply with legal obligations, court orders, or government requests (e.g., tax authorities, law enforcement)
  • To protect our rights, property, or safety, or that of our users or the public, such as preventing fraud or abuse

d. In Business Transfers:

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity, with notice and safeguards to protect your privacy.

4. Cookies and Tracking Technologies

We use cookies, pixel tags, and similar technologies to enhance your experience, analyze usage, and deliver targeted content. Cookies may include:

  • Essential Cookies: Necessary for website functionality (e.g., maintaining your session)
  • Analytics Cookies: Track usage patterns to improve our site (e.g., Google Analytics)
  • Marketing Cookies: Enable personalized ads or content, subject to your consent

Cookie Management: You can manage cookie preferences through our cookie consent banner or your browser settings. Disabling cookies may limit website functionality. For more details, see our Cookie Policy.

5. International Data Transfers

As a global website, we may transfer your data to jurisdictions outside your country of residence, including the United States, where our servers or service providers are located. G20 countries have varying data protection standards, and we ensure compliance through:

  • Adequacy Decisions: For transfers to countries recognized as having adequate protections (e.g., EU to Canada)
  • Standard Contractual Clauses (SCCs): Legally binding agreements for transfers to non-adequate jurisdictions (e.g., EU to US), as required by GDPR
  • Binding Corporate Rules: For intra-group transfers, if applicable
  • Consent: Where required, we obtain your explicit consent for cross-border transfers

Regional Compliance: Under China's PIPL, we ensure data localization and security assessments for transfers outside China. Under India's DPDPA, we comply with restrictions on sensitive data exports.

6. Your Rights and Choices

You have rights over your personal data, subject to local laws in G20 jurisdictions. These may include:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data, subject to legal retention obligations
  • Restriction: Limit how we process your data in certain circumstances
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interests (e.g., marketing)
  • Withdraw Consent: Revoke consent for data processing at any time, without affecting prior lawful processing

CCPA/CPRA-Specific Rights (California Residents):

  • Opt out of the sale or sharing of personal information (we do not sell data, but may share for targeted advertising)
  • Limit use of sensitive personal information
  • Non-discrimination for exercising your rights

Exercising Your Rights: To exercise your rights, contact us at [email protected]. We will respond within the legally required timeframe (e.g., 30 days under GDPR, 45 days under CCPA). You may also file a complaint with your local data protection authority.

7. Data Security

We implement industry-standard technical and organizational measures to protect your data, including:

  • Encryption of data in transit (e.g., SSL/TLS) and at rest
  • Access controls to limit data access to authorized personnel
  • Regular security audits and vulnerability assessments
  • Secure third-party processors compliant with ISO 27001 or equivalent standards

Security Limitations: Despite these measures, no online transmission is 100% secure. If a data breach occurs, we will notify affected users and authorities as required by law (e.g., within 72 hours under GDPR).

8. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy or as required by law.

Examples:

  • Contact form data is kept for 3 years to respond to inquiries or for recordkeeping
  • Analytics data is anonymized and retained indefinitely for trend analysis
  • Account data is deleted 6 months after account closure, unless legally required to retain

Secure Deletion: When data is no longer needed, we securely delete or anonymize it, following protocols compliant with GDPR, LGPD, and similar laws.

9. Third-Party Links

Our website may contain links to third-party sites (e.g., social media, payment processors, or partner platforms). We are not responsible for their privacy practices. Please review the privacy policies of these sites before providing personal information.

10. Children's Privacy

Our services are not directed to children under 16 (or the age of consent in your jurisdiction, e.g., 13 under COPPA in the US). If we learn that we have collected personal data from a child without verifiable parental consent, we will promptly delete it. Contact us if you believe we have such data.

11. Changes to This Privacy Policy

We may update this policy to reflect changes in our practices or legal requirements. We will notify you of material changes by posting the updated policy on our website and, where required, by email or prominent notice. The "Last Updated" date at the top indicates the latest revision. Please review this policy periodically.

12. Contact Us

For questions, concerns, or to exercise your data protection rights, please contact our Data Protection Officer:

Email: [email protected]

Mailing Address: [insert physical address, if applicable]

If you are in the EU, contact the email above, and if required, we will appoint a representative.

Data Protection Authorities in G20 Countries:

  • EU: Data Protection Authorities (e.g., CNIL in France, ICO in the UK)
  • US: Federal Trade Commission (FTC) or California Attorney General
  • Brazil: Autoridade Nacional de Proteção de Dados (ANPD)
  • India: Data Protection Authority (to be established under DPDPA)
  • China: Cyberspace Administration of China (CAC)